FICUSONLINE F9E
ORANGEPI + RTL8188 ROUTER
RTL8188(ETV/EUS/ES) driver is not activated the concurrent mode on the latest Armbian(4.19.y), so it couldn't be worked the client and the access point modes simultaneously.
Takanobu FuseAdministrator

14 min read

5 years ago

Hardware

RTL8188(ETV/EUS/ES) driver is not activated the concurrent mode on the latest Armbian(4.19.y), so it couldn't be worked the client and the access point modes simultaneously. Under this latest OS version, I will try to make the new RTL8188(ETV/EUS/ES) driver to compile from the source code. Please also refer to the previous blog content for using OrangePiPC as a router on this site.


Hardware and OS

OrangePiPC: ARMBIAN 5.70 stable Debian GNU/Linux 9 (stretch) 4.19.13-sunxi + RTL8188ETV(EUS/EU)USB-Wifi dongle

Orangepipc Info

Realtek Rt L8188 Eu

Refference site

Compile and install the wifi driver on Allwinner SoC

http://linux-sunxi.org/Wifi#Debian.2Fubuntu_with_NetworkManager

http://randomstuffidosometimes.blogspot.com/2016/03/rtl8192cu-and-rtl8188cus-in-station-and.html

RTL8188 driver source on Github

https://github.com/capitalfuse/rtl8188eus/tree/v5.2.2.4

this is foolked from "https://github.com/quickreflex/rtl8188eus/tree/v5.2.2.4" and modified.

Download Armbian(OrangePiPC)

https://dl.armbian.com/orangepipc/

Please check your download kernel version also distribute the linux header files for compiling from the source sode.

Armbian Orangepipc

 


New application

hostapd has been installed as default, the following application should be installed.

dnsmasq : DNS・DHCP Server

iptables-persistent:iptables loads the rule at the system start up

$ sudo apt-get install dnsmasq iptables-persistent

On the way of installing iptables-persistent, input "yes" for making the rule files of IP4 and IP6.


Working flow

Working flow will be the followings,

  1. Configure the network interfaces

  2. Deactivate services related to NetworkManager

  3. Install linux header files for compiling

  4. Confirm the added network interface

  5. Configure hostapd(access point daemon)

  6. Configure dnsmasq

  7. Setting NAT and iptables rule


1. Configure the network interfaces

edit the file /etc/network/interfaces for configuring the network interfaces

$ sudo pico /network/interfaces

Contents like the following,

# Wired adapter #1
allow-hotplug eth0
#no-auto-down eth0
iface eth0 inet dhcp
#address 192.168.0.100
#netmask 255.255.255.0
#gateway 192.168.0.1
dns-nameservers 8.8.8.8 8.8.4.4
#	hwaddress ether # if you want to set MAC manually
#	pre-up /sbin/ifconfig eth0 mtu 3838 # setting MTU for DHCP, static just: mtu 3838


# Wireless adapter #1
# Armbian ships with network-manager installed by default. To save you time
# and hassles consider using 'sudo nmtui' instead of configuring Wi-Fi settings
# manually. The below lines are only meant as an example how configuration could
# be done in an anachronistic way:
# 
#---- Realtek 8188eu wlan interface AP (access defined in /etc/hostapd/hostapd.conf)
allow-hotplug wlan1
iface wlan1 inet static
address 11.22.33.44
netmask 255.255.255.0
network 11.22.33.0
#gateway 192.168.0.1
#dns-nameservers 8.8.8.8 8.8.4.4
#   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Disable power saving on compatible chipsets (prevents SSH/connection dropouts over WiFi)
#wireless-mode Managed
#wireless-power off

#----Realtek 8188eu wlan interface client
allow-hotplug wlan0
iface wlan0 inet dhcp
#address 192.168.10.164
#netmask 255.255.255.0
#network 192.168.10.0
#gateway 192.168.10.1
dns-nameservers 8.8.8.8 8.8.4.4
   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Disable power saving on compatible chipsets (prevents SSH/connection dropouts over WiFi)
#wireless-mode Managed
#wireless-power off

# Local loopback
auto lo
iface lo inet loopback

wlan1: an access point, wlan0: a client connecting with internet.

wlan0 STA mode authorizes the encryption passphrase made of wpa_supplicant, so edit wpa_supplicant.conf

Make the encryption passphrase from the combination of the access point (SSID) and the passphrase

$ wpa_passphrase MYSSID passphrase
network={
    ssid="MYSSID"
    #psk="passphrase"
    psk=59e0d07fa4c7741797a4e394f38a5c321e3bed51d54ad5fcbd3f84bc7415d73d
}

Copy and paste the above output.

$ sudo pico /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant 
ctrl_interface_group=0
update_config=1

network={
    ssid="MYSSID"
    #psk="passphrase"
    psk=59e0d07fa4c7741797a4e394f38a5c321e3bed51d54ad5fcbd3f84bc7415d73d
    key_mgmt=WPA-PSK
    priority=99 
}

2. Deactivate services related to NetworkManager

Following these services should be deactivated to use systemctl mask command.

NetworkManager-dispatcher.service
NetworkManager-wait-online.service
NetworkManager.service
sudo systemctl mask NetworkManager

Ho to check these services to be deactivated.

$ systemctl list-unit-files

3. Install linux header files for compiling

Install linux header files corresponding with your linux kernel version to compile source code.

The followings explain how to check kernel version, search linux-headers and install.

$ uname -a

Linux orangepipc 4.19.13-sunxi #5.70 SMP Sat Jan 12 15:43:21 CET 2019 armv7l GNU/Linux

$ apt search linux-header

linux-headers-next-sunxi/stretch,now 5.70 armhf
  Linux kernel headers for 4.19.13-sunxi on armhf


$ sudo apt install linux-headers-next-sunxi

Next, clone or download the souce codes from github.

Change the directory cloned or downloaded folder, and make compile and install.

This repository is folked from the original and fixed some codes and bugs. Please also check the following site to confirm the diff.

(Main modified point is the activated concurrent mode.)

https://github.com/capitalfuse/rtl8188eus/commit/4eb5cffbb106255db771a9d5c453f43be6b0edfa

Rtl8188 Concurrent Mode

$ git clone --single-branch --branch v5.2.2.4 https://github.com/capitalfuse/rtl8188eus.git

$ cd rtl8188eus

$ make 

$ sudo make install

Delete default driver of rtl8188eu.

$ sudo rm -rf /lib/modules/`uname -r`/kernel/drivers/net/wireless/rtl8188eu

Finally, System restart.

$ sudo reboot

4. Confirm the added network interface

Confirm an additional network interface "phy1" and "Supported interface modes" including "* AP"

$ sudo iw list

Wiphy phy1
	max # scan SSIDs: 9
	max scan IEs length: 2304 bytes
	max # sched scan SSIDs: 0
	max # match sets: 0
	max # scan plans: 1
	max scan plan interval: -1
	max scan plan iterations: 0
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Supported Ciphers:
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* TKIP (00-0f-ac:2)
		* CCMP-128 (00-0f-ac:4)
	Available Antennas: TX 0 RX 0
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * monitor
		 * P2P-client
		 * P2P-GO
.........
.........
.........

Also check an additional interface of wlan1 to use iwconfig and ifconfig commnds.

Note) Contents displays after finished all settings.

$ sudo iwconfig

wlan0     IEEE 802.11bgn  ESSID:"xxxxxxxxxxxxx"  Nickname:"< WIFI@REALTEK>"
          Mode:Managed  Frequency:2.442 GHz  Access Point: xx:xx:xx:xx:xx:xx   
          Bit Rate:150 Mb/s   Sensitivity:0/0  
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:****-****-****-****-****-****-****-****   Security mode:open
          Power Management:off
          Link Quality=81/100  Signal level=46/100  Noise level=0/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

lo        no wireless extensions.

eth0      no wireless extensions.

wlan1     IEEE 802.11bgn  ESSID:"access_point"  Nickname:"< WIFI@REALTEK>"
          Mode:Master  Frequency:2.442 GHz  Access Point: xx:xx:xx:xx:xx:xx   
          Bit Rate:72.2 Mb/s   Sensitivity:0/0  
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=82/100  Signal level=53/100  Noise level=0/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

dummy0    no wireless extensions.

Confirm wlan0 from ifconfig command.

Note) Contents displays after finished all settings.

$ sudo ifconfig

..............
..............
..............

wlan0: flags=4163< UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.xx.xx  netmask 255.255.255.0  broadcast 192.168.xx.255
        inet6 xxxxxxxx  prefixlen 64  scopeid 0x20< link>
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 292375  bytes 345689076 (329.6 MiB)
        RX errors 0  dropped 8334  overruns 0  frame 0
        TX packets 188019  bytes 40135541 (38.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan1: flags=4163< UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 11.22.33.44  netmask 255.255.255.0  broadcast 11.22.33.255
        inet6 fe80::ccd2:9bff:fe3f:401d  prefixlen 64  scopeid 0x20< link>
        ether aa:bb:cc:dd:ee:ff  txqueuelen 1000  (Ethernet)
        RX packets 235863  bytes 43983417 (41.9 MiB)
        RX errors 0  dropped 3949  overruns 0  frame 0
        TX packets 305252  bytes 338888122 (323.1 MiB)
        TX errors 0  dropped 304 overruns 0  carrier 0  collisions 0

5. Configure hostapd(access point daemon)

Set the hostapd config file at starting it's daemon to load.

$ sudo pico /etc/default/hostapd

Uncomment the line of DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"

Make the hostapd config file.

$ sudo pico /etc/hostapd/hostapd.conf

Set the ssid,wpa_passphrase and so on. "interface" should be wlan0 or wlan1 confirmed from $sudo iwconfig.

##### hostapd configuration file ##############################################

interface=wlan1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=access_point
channel=5

# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)

wpa=2
preamble=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP

wpa_passphrase=pass_phrase
#wpa_psk=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Enable internal EAP server for EAP-WSC (part of Wi-Fi Protected Setup)
#eap_server=1
#wpa_psk_radius=1

# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
# used with driver=hostap or driver=nl80211, but not with driver=atheros.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)

macaddr_acl=0
accept_mac_file=/etc/hostapd/hostapd.accept
deny_mac_file=/etc/hostapd/hostapd.deny

# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
auth_algs=1

##### Wi-Fi Protected Setup (WPS) #############################################


##### default configuration #######################################

driver=nl80211
beacon_int=100
hw_mode=g
ieee80211n=1

# QoS support ->1
wmm_enabled=0 

ht_capab=[SHORT-GI-20][SHORT-GI-40]

max_num_sta=100
#country_code=JP

If hostapd has some problems, also compile from the source code. In the below figure,the green lines shows how to process WPA/WPA2 authorization in hostapd as a minimum function.

https://w1.fi/hostapd/

Hostapd


6. Configure dnsmasq

To distribute IP adresses for clients, DHCP server should be installed. Dnsmasq has this function (already installed).

Configure dnsmasq.conf file.

$ sudo pico /etc/dnsmasq.conf

Deactivated DHCP function on Dnsmasq for default use, to activate DHCP function, set parameters in /etc/dnsmasq.conf .

# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.

# Never forward plain names (without a dot or domain part)
domain-needed

# Never forward addresses in the non-routed address spaces.
bogus-priv

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv

# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/11.22.33.44

server=8.8.8.8
server=8.8.4.4

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.

local=/mydomain.net/

# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1

address=/myhome.gw/11.22.33.44

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.

interface=wlan1

# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)

listen-address=127.0.0.1
listen-address=11.22.33.44

# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.

bind-interfaces

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.

expand-hosts

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk

domain=mydomain.net

# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.

dhcp-range=11.22.33.44,11.22.33.200,12h

# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60

dhcp-host=aa:bb:cc:dd:ee:ff,11.22.33.44


# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries

# Log lots of extra information about DHCP transactions.
#log-dhcp

# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d

# Include all the files in a directory except those ending in .bak
#conf-dir=/etc/dnsmasq.d,.bak

# Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf

dhcp-host should be match with wlan1 hardware address (confirm from $sudo ifconfig).

dhcp-range should be match with /etc/network/interfaces .


7. Setting NAT and iptables rule

Clients connected to the access point conduct to one IP address by NAT.

$ sudo pico /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Uncomment "net.ipv4.ip_forword=1".

For activating the above seting,

$ sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Bridge wlan0 and wlan1 by iptables commands

$ sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
$ sudo iptables -A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT

How to confirm iptables current settings.

$ sudo iptables -t nat -S
$ sudo iptables -S

To load the above iptables settings at system startup automatically, save the current iptables rules to the rules.v4 file made by iptables-persistent.

$ sudo sh -c "iptables-save > /etc/iptables/rules.v4"

System restart and confirm wlan1 AP from iwconfig or ifconfig commands.

Please also check the same article in forum site.